# `AdyenClient.Webhooks.HMAC`
[🔗](https://github.com/iamkanishka/adyen_client/blob/v1.0.0/lib/adyen_client/webhooks/webhooks.ex#L1)

HMAC-SHA256 webhook signature validation for Adyen notifications.

Adyen signs webhook payloads using HMAC-SHA256 with a hex-encoded key.
The signature is computed over a pipe-delimited string of specific fields.

## Usage

    hmac_key = Application.get_env(:adyen_client, :webhook_hmac_key)

    case AdyenClient.Webhooks.HMAC.validate(notification_item, hmac_key) do
      :ok -> handle_event(notification_item)
      {:error, reason} -> Logger.warning("Webhook rejected: #{reason}")
    end

# `notification_item`

```elixir
@type notification_item() :: map()
```

# `compute`

```elixir
@spec compute(notification_item(), String.t()) :: String.t()
```

Compute the HMAC-SHA256 signature for a notification item.

Returns the base64-encoded signature string.

# `validate`

```elixir
@spec validate(notification_item(), String.t()) ::
  :ok | {:error, AdyenClient.Error.t()}
```

Validate the HMAC signature of a standard webhook notification item.

`notification_item` should be the map at `notificationRequestItem` level,
containing keys: `pspReference`, `originalReference`, `merchantAccountCode`,
`merchantReference`, `value`, `currency`, `eventCode`, `success`, `additionalData`.

# `validate_balance_platform`

```elixir
@spec validate_balance_platform(String.t(), String.t(), String.t()) ::
  :ok | {:error, AdyenClient.Error.t()}
```

Validate the HMAC signature of a Balance Platform webhook.

Balance Platform webhooks use a different signing approach:
the full JSON body is signed directly.

---

*Consult [api-reference.md](api-reference.md) for complete listing*